DOM
Identical DOM structure hash detected across 9 domains indicates a cloned website template or shared codebase used to mass-produce scam sites. This forensic signal shows the attackers copied the same HTML/CSS layout framework across multiple domains to facilitate rapid deployment of fraudulent schemes.
Fingerprint
a5c6a6b79c25d09d8cf84e693da7d6a02de3f0aef8b8cbc4c9680d74a27db572- Detections
- 9
- Hash type
- DOM structure
- Status
- Active
- Last scanned
- May 2026
12026-03
32026-04
52026-05
Detected domains
9eswao.com
OnlineTrust 26Apr 28, 2026fowatu.com
OnlineTrust 1Apr 2, 2026luxolplays.com
OnlineTrust 1May 2, 2026myweu.com
OnlineTrust 1May 4, 2026velmunix.com
OnlineTrust 1Mar 22, 2026xhodes.com
OnlineTrust 1May 4, 2026xhopex.com
OnlineTrust 1Apr 15, 2026xmagex.com
OnlineTrust 1May 11, 2026xopeu.com
OnlineTrust 1May 12, 2026
Related signals
7BU
Build #26
Nexus Syndicate
Active
- 118
- detections
FA
Favicon #42
Nexus Syndicate
Active
- 81
- detections
FA
Favicon #50
Nexus Syndicate
Active
- 55
- detections
BU
Build #70
Nexus Syndicate
Active
- 36
- detections
BU
Build #66
Nexus Syndicate
Active
- 20
- detections
BU
Build #55
Nexus Syndicate
Active
- 16
- detections
BU
Build #60
Nexus Syndicate
Active
- 10
- detections